From 62a45bdc11bc98ca4c24b0b8aa54c9d2958f81a1 Mon Sep 17 00:00:00 2001 From: Maxim Filippov Date: Mon, 11 Feb 2019 00:49:56 +0300 Subject: [PATCH] Add revoke token --- lib/pleroma/web/oauth/token.ex | 11 ++++++++- lib/pleroma/web/router.ex | 1 + .../web/twitter_api/twitter_api_controller.ex | 6 +++++ .../twitter_api_controller_test.exs | 23 ++++++++++++++++--- 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/lib/pleroma/web/oauth/token.ex b/lib/pleroma/web/oauth/token.ex index 40bf0ac6b..380a39360 100644 --- a/lib/pleroma/web/oauth/token.ex +++ b/lib/pleroma/web/oauth/token.ex @@ -53,9 +53,18 @@ defmodule Pleroma.Web.OAuth.Token do |> Repo.delete_all() end - def get_user_tokens(%User{id: user_id}) do + def delete_user_token(%User{id: user_id}, token_id) do from( t in Pleroma.Web.OAuth.Token, + where: t.user_id == ^user_id, + where: t.id == ^token_id + ) + |> Repo.delete_all() + end + + def get_user_tokens(%User{id: user_id}) do + from( + t in Token, where: t.user_id == ^user_id ) |> Repo.all() diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index a394900b2..d45fa526e 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -391,6 +391,7 @@ defmodule Pleroma.Web.Router do get("/externalprofile/show", TwitterAPI.Controller, :external_profile) get("/oauth_tokens", TwitterAPI.Controller, :oauth_tokens) + delete("/oauth_tokens/:id", TwitterAPI.Controller, :revoke_token) end pipeline :ap_relay do diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 1a43e9a60..fac05f288 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -554,6 +554,12 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end end + def revoke_token(%{assigns: %{user: user}} = conn, %{"id" => id} = _params) do + Token.delete_user_token(user, id) + + json_reply(conn, 201, "") + end + def blocks(%{assigns: %{user: user}} = conn, _params) do with blocked_users <- User.blocked_users(user) do conn diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index c50d82def..527a920fb 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -8,6 +8,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do alias Pleroma.Builders.{ActivityBuilder, UserBuilder} alias Pleroma.{Repo, Activity, User, Object, Notification} alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.OAuth.Token alias Pleroma.Web.TwitterAPI.UserView alias Pleroma.Web.TwitterAPI.NotificationView alias Pleroma.Web.CommonAPI @@ -1878,12 +1879,16 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end describe "GET /api/oauth_tokens" do - test "renders list" do - token = insert(:oauth_token) + setup do + token = insert(:oauth_token) |> Repo.preload(:user) + %{token: token} + end + + test "renders list", %{token: token} do response = build_conn() - |> assign(:user, Repo.get(User, token.user_id)) + |> assign(:user, token.user) |> get("/api/oauth_tokens") keys = @@ -1893,5 +1898,17 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do assert keys -- ["id", "refresh_token", "token", "valid_until"] == [] end + + test "revoke token", %{token: token} do + response = + build_conn() + |> assign(:user, token.user) + |> delete("/api/oauth_tokens/#{token.id}") + + tokens = Token.get_user_tokens(token.user) + + assert tokens == [] + assert response.status == 201 + end end end